In a previous post, I covered how to build and verify a basic MPLS-based unicast IPv4 VPN. This post expands on what we learnt there and looks at how to address a problem Service Providers may have when they manage CE routers that use BGP as the CE-PE protocol, in particular managing the use of BGP ASNs.
One of the most popular posts on this blog addresses this problem using Cisco IOS; in this case I'm going to attempt to resolve the problem the same way, but with Junos.
This topology will have 4 routers: two CEs and two PEs.
Below are our starting configurations. Note that both CEs are in AS 64512.
R1(CE)
root@R1-CE> show configuration | display set
set system host-name R1-CE
set interfaces em1 vlan-tagging
set interfaces em1 unit 12 vlan-id 12
set interfaces em1 unit 12 family inet address 10.1.12.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options autonomous-system 64512
set protocols bgp export ToBGP
set protocols bgp group PE type external
set protocols bgp group PE family inet unicast
set protocols bgp group PE peer-as 65500
set protocols bgp group PE neighbor 10.1.12.2
set policy-options policy-statement ToBGP term Direct from protocol direct
set policy-options policy-statement ToBGP term Direct then accept
R2(PE)
root@R2-PE> show configuration | display set
set system host-name R2-PE
set interfaces em1 vlan-tagging
set interfaces em1 unit 12 vlan-id 12
set interfaces em1 unit 12 family inet address 10.1.12.2/24
set interfaces em1 unit 23 vlan-id 23
set interfaces em1 unit 23 family inet address 10.1.23.2/24
set interfaces em1 unit 23 family mpls
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options router-id 2.2.2.2
set routing-options autonomous-system 65500
set protocols mpls interface em1.23
set protocols bgp group Core type internal
set protocols bgp group Core local-address 2.2.2.2
set protocols bgp group Core family inet-vpn unicast
set protocols bgp group Core peer-as 65500
set protocols bgp group Core neighbor 3.3.3.3
set protocols ospf area 0.0.0.0 interface em1.23
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface em1.23
set routing-instances CustomerA instance-type vrf
set routing-instances CustomerA interface em1.12
set routing-instances CustomerA route-distinguisher 65500:1
set routing-instances CustomerA vrf-target target:65500:1
set routing-instances CustomerA vrf-table-label
set routing-instances CustomerA protocols bgp group CE type external
set routing-instances CustomerA protocols bgp group CE family inet unicast
set routing-instances CustomerA protocols bgp group CE neighbor 10.1.12.1 peer-as 64512
R3(PE)
root@R3-PE> show configuration | display set
set system host-name R3-PE
set interfaces em1 vlan-tagging
set interfaces em1 unit 23 vlan-id 23
set interfaces em1 unit 23 family inet address 10.1.23.3/24
set interfaces em1 unit 23 family mpls
set interfaces em1 unit 34 vlan-id 34
set interfaces em1 unit 34 family inet address 10.1.34.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set routing-options router-id 3.3.3.3
set routing-options autonomous-system 65500
set protocols mpls interface em1.23
set protocols bgp group Core type internal
set protocols bgp group Core local-address 3.3.3.3
set protocols bgp group Core family inet-vpn unicast
set protocols bgp group Core peer-as 65500
set protocols bgp group Core neighbor 2.2.2.2
set protocols ospf area 0.0.0.0 interface em1.23
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface em1.23
set routing-instances CustomerA instance-type vrf
set routing-instances CustomerA interface em1.34
set routing-instances CustomerA route-distinguisher 65500:1
set routing-instances CustomerA vrf-target target:65500:1
set routing-instances CustomerA vrf-table-label
set routing-instances CustomerA protocols bgp group CE type external
set routing-instances CustomerA protocols bgp group CE family inet unicast
set routing-instances CustomerA protocols bgp group CE neighbor 10.1.34.4 peer-as 64512
R4(CE)
root@R4-CE> show configuration | display set
set system host-name R4-CE
set interfaces em1 vlan-tagging
set interfaces em1 unit 34 vlan-id 34
set interfaces em1 unit 34 family inet address 10.1.34.4/24
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set routing-options router-id 4.4.4.4
set routing-options autonomous-system 64512
set protocols bgp export ToBGP
set protocols bgp group PE type external
set protocols bgp group PE family inet unicast
set protocols bgp group PE peer-as 65500
set protocols bgp group PE neighbor 10.1.34.3
set policy-options policy-statement ToBGP term Direct from protocol direct
set policy-options policy-statement ToBGP term Direct then accept
Let's check the routing tables related to this VPN.
root@R1-CE> show route table inet.0 terse
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 1.1.1.1/32 D 0 >lo0.0
* 10.1.12.0/24 D 0 >em1.12
* 10.1.12.1/32 L 0 Local
* 10.1.34.0/24 B 170 100 >10.1.12.2 65500 I
root@R2-PE> show route table CustomerA.inet.0 terse
CustomerA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 1.1.1.1/32 B 170 100 >10.1.12.1 64512 I
* 4.4.4.4/32 B 170 100 >10.1.23.3 64512 I
* 10.1.12.0/24 D 0 >em1.12
B 170 100 >10.1.12.1 64512 I
* 10.1.12.2/32 L 0 Local
* 10.1.34.0/24 B 170 100 >10.1.23.3 I
root@R3-PE> show route table CustomerA.inet.0 terse
CustomerA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 1.1.1.1/32 B 170 100 >10.1.23.2 64512 I
* 4.4.4.4/32 B 170 100 >10.1.34.4 64512 I
* 10.1.12.0/24 B 170 100 >10.1.23.2 I
* 10.1.34.0/24 D 0 >em1.34
B 170 100 >10.1.34.4 64512 I
* 10.1.34.3/32 L 0 Local
root@R4-CE> show route table inet.0 terse
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 4.4.4.4/32 D 0 >lo0.0
* 10.1.12.0/24 B 170 100 >10.1.34.3 65500 I
* 10.1.34.0/24 D 0 >em1.34
* 10.1.34.4/32 L 0 Local
We shouldn't be surprised that even though the MPLS network can see routes towards R1 and R4, R1 and R4 cannot see routes to each other since the AS Path would appear as 64512 65500 64512 and BGP uses the AS Path as its loop avoidance mechanism.
One way to overcome this is "AS-override", which is applied on the MPLS PE and replaces the CE's ASN with that of the PE.
We'll do that on R2-PE, which will result in R1-CE being able to see R4-CE's loopback.
root@R2-PE> configure
Entering configuration mode
[edit]
root@R2-PE# set routing-instances CustomerA protocols bgp group CE neighbor 10.1.12.1 as-override
root@R2-PE# commit and-quit
commit complete
Exiting configuration mode
R2 shows that it knows the AS path for 4.4.4.4/32 as coming from AS 64512.
root@R2-PE> show route table CustomerA.inet.0 4.4.4.4/32
CustomerA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:02:59, localpref 100, from 3.3.3.3
AS path: 64512 I
> to 10.1.23.3 via em1.23, Push 16
However, we are advertising it to R1 as if it comes from the MPLS Core AS.
root@R2-PE> show route advertising-protocol bgp 10.1.12.1
CustomerA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 1.1.1.1/32 10.1.12.1 65500 I
* 4.4.4.4/32 Self 65500 I
* 10.1.34.0/24 Self I
That is what R1 believes, which is fine because it gets rid of the AS-Path problem.
root@R1-CE> show route table inet.0 terse
inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 1.1.1.1/32 D 0 >lo0.0
* 4.4.4.4/32 B 170 100 >10.1.12.2 65500 65500 I
* 10.1.12.0/24 D 0 >em1.12
* 10.1.12.1/32 L 0 Local
* 10.1.34.0/24 B 170 100 >10.1.12.2 65500 I
An alternative to doing this on the PE is to purposely allow looping to occur on the CE. We'll try this config on R4-CE and allow our AS to be seen twice.
root@R4-CE> configure
Entering configuration mode
[edit]
root@R4-CE# set routing-options autonomous-system loops 2
[edit]
root@R4-CE# commit and-quit
commit complete
Exiting configuration mode
root@R3-PE> show route advertising-protocol bgp 10.1.34.4
CustomerA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.1.12.0/24 Self I
Unfortunately (or fortunately, depending on your point of view) this doesn't appear to be working. As opposed to IOS, Junos is smart enough to know that it shouldn't advertise prefixes to a BGP AS that already has that AS in the AS-Path, so a configuration change is also required on the PE router to override that default action.
root@R3-PE> configure
Entering configuration mode
[edit]
root@R3-PE# set routing-instances CustomerA protocols bgp group CE advertise-peer-as
[edit]
root@R3-PE# commit and-quit
commit complete
Exiting configuration mode
root@R3-PE> show route advertising-protocol bgp 10.1.34.4
CustomerA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 1.1.1.1/32 Self 64512 I
* 4.4.4.4/32 10.1.34.4 64512 I
* 10.1.12.0/24 Self I
root@R4-CE> show route table inet.0 terse
inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 1.1.1.1/32 B 170 100 >10.1.34.3 65500 64512 I
* 4.4.4.4/32 D 0 >lo0.0
* 10.1.12.0/24 B 170 100 >10.1.34.3 65500 I
* 10.1.34.0/24 D 0 >em1.34
* 10.1.34.4/32 L 0 Local
R1 can now see the prefix even though the AS-Path is looped.
Since either method on Junos requires configuration applied to the PE - using AS-Override is probably the best (and simplest) way to reuse BGP ASNs for your CEs.
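The two approaches above can be compared with a small model of the PE export step and the CE loop check. This is an added example, not code from the original post and not Junos internals; the function and parameter names are hypothetical, and the ASNs are the ones used in this topology. It also shows that with as-override the customer ASN no longer appears in the path the CE receives, which matters if you filter or audit on AS path.

```python
# Added example: simplified model of the AS-path handling shown in this post.
# Function and parameter names are hypothetical; this is not Junos code.

PE_AS, CE_AS = 65500, 64512  # ASNs from the post's topology


def pe_advertise(as_path, peer_as, local_as=PE_AS,
                 as_override=False, advertise_peer_as=False):
    """AS path a PE sends to an eBGP CE peer, or None if the route is suppressed."""
    path = list(as_path)
    if as_override:
        # as-override: replace the peer's ASN with the PE's ASN before sending
        path = [local_as if asn == peer_as else asn for asn in path]
    elif peer_as in path and not advertise_peer_as:
        # Default: do not advertise a route to a peer whose ASN is already in the path
        return None
    return [local_as] + path  # the PE prepends its own ASN on eBGP export


def ce_accepts(as_path, local_as=CE_AS, loops=1):
    """CE loop check: the route is hidden once the local ASN appears `loops` times."""
    return as_path.count(local_as) < loops


def origin_visible(as_path, origin_as=CE_AS):
    """True if the originating customer ASN is still present in the received path."""
    return origin_as in as_path


if __name__ == "__main__":
    remote_loopback = [CE_AS]  # VRF path of the other CE's loopback (constructed input)

    # Starting configuration: the PE never sends the route to the CE
    print("default:", pe_advertise(remote_loopback, CE_AS))

    # Method 1: as-override on the PE, CE left at its default loop check
    m1 = pe_advertise(remote_loopback, CE_AS, as_override=True)
    print("as-override:", m1, ce_accepts(m1), origin_visible(m1))

    # Method 2: advertise-peer-as on the PE plus 'loops 2' on the CE
    m2 = pe_advertise(remote_loopback, CE_AS, advertise_peer_as=True)
    print("advertise-peer-as:", m2, ce_accepts(m2), ce_accepts(m2, loops=2))
```
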